In the last couple months, we've had several proxy servers with high CPU loads ( over 90%) resulting in slow browsing for our customers. Internally we are trying to find the culprit machine(s) but we've been unsuccessful; in addition, we’ve sent Mcafee feedbacks but they don’t really capture or identify the root cause.
Does anyone have any ideas on what we can do proactively obtain the CONNECTIONS being established either by source IP’s \ MAC Address\ URL being called\ etc .to try to identify the culprit. I’m hoping someone has a similar issue and created some sort of RuleBase to capture something similar to our problem.
Message was edited by: cestrada on 3/22/13 9:52:38 AM CDT
check the following items.
1. Is your box simply undersized? How many req/sec is your box processing during your peak cpu times? Dashboard > Charts and Tables> Web Traffic Summary. Add up the http and https req. (Easiest if you look at 1 min resolution then divide by 60). Make sure the req/sec doesnt exceed the capacity of your box.
2. Is your DNS or Authentication causing a delay which in turn causing MWG to hold the session open longer than necessary, which in turn can cause high CPU spike? Check your dashboard > Charts and Tables > Performance Info and the Authentication Stats. Look for high DNS and/or NTLM auth times. (If authentication is applicable)
3. Are you using older hardware that you have upgraded to version 7? If so, did you increase the RAM? I find lots of customers that are using the older hardware but left the RAM at 4GB. 4GB is barely enough to operate MWG properly. You should look adding RAM or refreshing your hardware with the newer models.
If you still don't see anything obvious, try posting more info about your exact hardware as well as screen shots with the above information.